Senior Applications Security Specialist (3-4 yrs)

Job Specification :

Application Security (AppSec) Engineer

Location : India

Department : Integration CoE

Role Summary : We are seeking a skilled Application Security (AppSec) Engineer to join our Integration Center of Excellence (CoE) team.

In this role, you will implement integration security guidelines and strategy into actionable tasks while ensuring integration and API security compliance.

You will work closely with the AppSec core team and development teams to enforce secure and scalable security practices across integration platforms.

This position requires a deep understanding of full-stack development, cloud-native architecture, and modern security tools, along with strong communication and collaboration skills.

Key Responsibilities :

- Implement integration security guidelines and strategies into development practices.

- Build and enforce API security compliance that is aligned with integration security policies.

- Enable and guide the development community in adopting security policies, standards, and best practices for secure integration and API development.

- Collaborate with the AppSec core team to leverage available tools and services to tailor scalable security solutions for business applications on integration platforms.

- Work closely with development teams to review, secure, and ensure compliance of integration patterns with industry best practices.

- Support product teams in prioritising security tasks and developing secure solutions for integration challenges.

Technical Skills :

- Full-Stack Development : Strong experience in full-stack development with expertise in integration and automation.

- Programming : Proficiency in JavaScript/Node.js, Python, or Java.

- API Security : Expertise in secure API development (RESTful and GraphQL).

- Cloud-Native Development : Experience building cloud-native microservices and configuring API gateways, API management, and Web Application Firewalls (WAF) to secure APIs at runtime.

- Architecture : Strong understanding of microservices architecture and distributed systems.

- Authentication : In-depth experience with OAuth 2.0, OpenID token-based authentication, key-based authentication (mutual TLS and JWT).

- Security Tooling : Familiarity with modern security tooling including Static Application Security Testing (SAST), Software Composition Analysis (SCA), API security tools, Infrastructure as Code (IaC) security tools, and Dynamic Application Security Testing (DAST) products.

- Threat Modeling : 3+ years of experience with threat modelling processes and the ability to identify design issues based on data flow block diagrams.

Experience :

- Proven experience in integrating security measures within the development lifecycle.

- Hands-on experience in securing APIs, microservices, and integration solutions.

- Ability to work in a collaborative environment and translate security needs into technical requirements.

Soft Skills :

- Communication : Excellent communication, executive presence, and interpersonal skills, with the ability to build and maintain strong relationships with internal teams and the broader development community.

- Strategic Thinking : A strategic thinker with a data-driven, results-oriented approach.

- Independence : Self-motivated, able to work independently and thrive in a fast paced, decentralised work environment.

- Flexibility : Willingness to collaborate across time zones.

Qualifications :

- A bachelor's degree in Computer Science, Engineering, or a related field.

- Industry certifications in security (CISSP, CEH, or similar) are a plus